MessiahPrivacy Policy
Last updated: April 2026
Data Protection
This data protection notice ("Notice") sets out the basis which OneSavie Labs Limited ("OneSavie Labs"), and its affiliates, (collectively "OneSavie Labs" or "we" or "us" or "our") may collect, use, disclose or otherwise process your personal data in accordance with the Singapore Personal Data Protection Act ("PDPA"). This Notice applies to personal data in our possession or under our control, including personal data in the possession of organisations which we have engaged to collect, use, disclose or process personal data for our purposes.
Personal Data
As used in this Notice:
"client" means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us.
"personal data" means data, whether true or not, about a client who can be identified: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name and email address.
Collection, Use and Disclosure of Personal Data
We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws.
We may collect and use your personal data for any or all of the following purposes:
- (a)Performing obligations in connection with our provision of services requested by you.
- (b)Responding to, handling, and processing queries, requests, applications, complaints, and feedback from you.
- (c)Managing your relationship with us.
- (d)Any other purposes for which you have provided the information.
- (e)Any other incidental business purposes related to or in connection with the above.
Withdrawing Your Consent
The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent by submitting your request in writing or via email to our Data Protection Officer at ask@onesavie.com.
Upon receipt of your written request to withdraw your consent, we may require reasonable time for your request to be processed. In general, we shall seek to process your request within ten (10) business days of receiving it.
Access to and Correction of Personal Data
If you wish to make an access request or a correction request regarding your personal data, you may submit your request in writing or via email to our Data Protection Officer at ask@onesavie.com. We will respond to your request within ten (10) business days.
Protection of Personal Data
To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, and disclosing personal data only on a need-to-know basis.
Retention of Personal Data
We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your personal data as soon as it is reasonable to assume that such retention no longer serves the purpose for which it was collected.
Transfers of Personal Data outside of Singapore
We may transfer your personal data to countries outside of Singapore. If we do so, we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the PDPA.
Cookie Policy
This policy specifies the types of cookies we use when you are accessing onesavie.com/product/messiah.
Cookies are small files stored on your device when you're browsing the Website. We use the following types of cookies:
These cookies record basic information that makes our Website function properly. They last only for a single browsing session and are removed when you leave our Website.
These cookies help us improve your browsing experience by collecting frequency of page visits and recording any error messages. The information is anonymous and will not identify you as an individual.
These cookies allow us to remember your preferences and choices to improve your Website experience. The information stored is encrypted so that only we can read it.
These cookies store information about topics you may be interested in to customise content more relevant to you. This information may be shared with advertising networks we work with.
You can manage and switch off cookies in your browser settings. However, if you switch them off, you may not be able to browse properly on this Website.
Extension Data Collection
Messiah requires access to all websites (<all_urls>) to perform on-demand security scans and to intercept wallet signing requests across any dApp you visit. All data transmitted to our API server is sent over HTTPS.
When you initiate a scan, the extension reads the following from the active tab and transmits it to our API server for security analysis:
- –Page URL and title
- –HTML structure (capped at 100 KB; inline script content is stripped and not transmitted)
- –External script source URLs (cross-checked against VirusTotal server-side to detect known malicious code)
- –Form structure: field types and names, and whether password or email fields are present (form values are not collected)
- –External resource URLs: stylesheets, iframes, and cross-domain images
Scan data is processed in real time and is not retained after the analysis completes.
When a dApp sends a signing request to your wallet, the extension intercepts the request parameters (method, transaction data, typed data, or personal sign payloads) and temporarily stores them in your browser's local storage (chrome.storage.local) pending your review. When you initiate analysis, this data is transmitted to our API server for risk assessment. No transaction is submitted or blocked without your explicit action.
When you submit a wallet or contract address for review, the address is transmitted to our API server, which queries the following third-party services on your behalf: Etherscan, GoPlus, Chainabuse, and Revoke.cash. Only the submitted address is shared with these services; no other personal data is transmitted.
Your API Key is stored locally in your browser's storage (chrome.storage.local) and is used solely to authenticate requests to our API server. It is never transmitted to any third party.
None of the data described above is retained on our servers beyond the duration of each individual request. Transaction data temporarily stored in local browser storage is cleared after you complete your review.
All data collected by this extension is used solely to provide the security analysis features described above. We do not use or transfer this data for advertising, profiling, or any purpose unrelated to the extension's security functionality. We do not permit employees or contractors to read user data except where required by law or to investigate abuse.
Contact
You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures at ask@onesavie.com.